[kwlug-disc] How to ... having ssh key connected ... ask for password, logout if fail?
B. S.
bs27975 at gmail.com
Thu Oct 6 09:00:18 EDT 2016
On 10/05/2016 05:06 PM, Bob Jonkman wrote:
>
> Perhaps you can ssh-with-certs into an unprivileged account, then from
> there 'su username' into the real account to get things done. That'll
> ask for a password...
This appears to be the answer. Near the top of ~/.bashrc, not ~/.ssh/rc,
add:
    if [[ -v SSH_CONNECTION ]] ; then
    {
        if [[ ! -v SSH_DETECTED ]] ; then
        {
            # Bash enabled user SSHing in, but not bash'ing - eject them.
            [[ ! -v SSH_TTY ]] && exit
            # Exported so the shell that su starts skips this block.
            export SSH_DETECTED=1
            echo SSH_CONNECTION is \'$SSH_CONNECTION\'
            # echo User is $USER
            # Substitute a.b.c with your local net's /24.
            # Prefix match, so the test does not depend on the prefix length.
            if [[ "$SSH_CONNECTION" != "a.b.c."* ]] ; then
            {
                echo -e SSH CONNECTION, foreign, DETECTED: Calling su.\\n
                su "$USER" -
                logout
            }
            else
            {
                echo SSH connection local: Proceeding without calling su.
            }
            fi
        }
        fi
    }
    fi
- if nothing else, this will force a password prompt for any
passphrase-less keys that may be out there.
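
The decision the snippet above makes, pulled into a function that can be exercised without logging in over SSH. This is an added example, not part of the original post; the function name ssh_gate_decision, its arguments and the sample addresses (documentation ranges) are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's code. ssh_gate_decision and its argument
# order are hypothetical; addresses are constructed (RFC 5737 ranges).
#
# ssh_gate_decision CONNECTION TTY LOCAL_PREFIX
#   CONNECTION    value of $SSH_CONNECTION:
#                 "client_ip client_port server_ip server_port"
#   TTY           value of $SSH_TTY (empty when no terminal was allocated)
#   LOCAL_PREFIX  trusted network prefix, e.g. "192.0.2."
# Prints one of: none | eject | su | local
ssh_gate_decision() {
    conn=$1 tty=$2 prefix=$3

    # Not an SSH session: the gate does nothing.
    [ -n "$conn" ] || { echo none; return 0; }

    # SSH session without a terminal: su could not prompt, so end it.
    [ -n "$tty" ] || { echo eject; return 0; }

    # An empty prefix would match every client; fail closed instead.
    [ -n "$prefix" ] || { echo su; return 0; }

    # Force exactly one trailing dot so "192.0.2" cannot match 192.0.20.x.
    prefix=${prefix%.}.

    # The first space-separated field is the client address.
    client=${conn%% *}

    case $client in
        "$prefix"*) echo local ;;
        *)          echo su ;;
    esac
}

# Constructed sample values, checked against the prefix 192.0.2.
for sample in \
    "192.0.2.10 50000 192.0.2.1 22" \
    "198.51.100.7 50000 192.0.2.1 22"
do
    printf '%s -> %s\n' "$sample" \
        "$(ssh_gate_decision "$sample" /dev/pts/0 192.0.2.)"
done
```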